CVE-2026-44681 Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...
CVE-2026-40166 authentik: Non-admin user can retrieve confidential OAuth client_secret via /api/v3/oauth2/access_tokens/
authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the client_secret of confidential OAuth2 providers they have previously authenticated against, exposing...
CVE-2026-4630
A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier (UUID) belonging to another Resource Server within the same realm,...
GHSA-R95X-QFJJ-FJJ2 Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect
Summary: An unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. Details...
PT-2026-39247
Name of the Vulnerable Software and Affected Versions: free5GC versions prior to 4.2.2. Description: The PCF handler for the endpoint "/npcf-policyauthorization/v1/app-sessions" contains a flaw that causes a runtime panic when processing a specific authenticated request. This occurs when the...
CVE-2026-32246 Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain...
CVE-2024-26477
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, and export endpoints...
CVE-2024-26477
Statping-ng 0.91.0 contains an information-disclosure flaw. A crafted request to the api parameter of the oauth, amazon_sns, and export endpoints can reveal sensitive data. The available connected records confirm the affected product and endpoints but do not specify root-cause details, exploitati...
CVE-2025-12028 IndieAuth <= 4.5.4 - Cross-Site Request Forgery to Account Takeover via Stolen OAuth Tokens
The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the login_form_indieauth function and the authorization endpoint at wp-login.php?action=indieauth. This makes it possible for...
CVE-2025-12028
CVE-2025-12028 (IndieAuth WordPress plugin) : The IndieAuth plugin (versions ≤ 4.5.4) is vulnerable to Cross-Site Request Forgery due to missing nonce verification in login_form_indieauth() and the wp-login.php?action=indieauth endpoint. This enables an unauthenticated attacker to induce a logged...
EUVD-2025-35817
The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the login_form_indieauth function and the authorization endpoint at wp-login.php?action=indieauth. This makes it possible for...
PT-2025-43600
Name of the Vulnerable Software and Affected Versions: WordPress IndieAuth plugin versions prior to 4.5.4. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing nonce verification. Specifically, the login_form_indieauth function and the authorization endpoint at...
EUVD-2025-20823
Malicious code in bioql PyPI...
CVE-2025-40698 SQL injection vulnerability in Prevengos
SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameters “mpsCentroin”, “mpsEmpresa”, “mpsProyecto”, and “mpsContrata” in...
CVE-2025-40698
CVE-2025-40698 is a SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. The injection is triggered via a POST to the API endpoint "/servicios/autorizaciones.asmx/mfsRecuperarListado" using the parameters mpsCentroin, mpsEmpresa, mpsProyecto, and mpsContrata. The affecte...
Cloudflare Public Bug Bounty: Second-Order XSS via javascript protocol in MCP Server Portal Apps leads to ATO
The vulnerability in the MCP Server Portal Apps was caused by missing sanitization of the redirect_uri parameter, leading to a second-order XSS vulnerability. An attacker could craft a malicious redirect_uri containing JavaScript code, obtain a client_id for this URI, and reuse it when a victim had ...
CVE-2025-6514 OS command injection in mcp-remote when connecting to untrusted MCP servers
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL...
CVE-2025-6514
CVE-2025-6514 affects the mcp-remote npm package (versions 0.0.5–0.1.15); it was fixed in 0.1.16 (released 2025-06-17). The vulnerability causes OS command injection when mcp-remote connects to untrusted MCP servers via crafted input in the authorization_endpoint URL, enabling remote code executi...